Facebook, Twitter and Google Crawl Links in Private Email and Messages

Data privacy is fast becoming a running joke, and users are the punchline. Following the hoopla surrounding the NSA's PRISM program, there's evidence to suggest that even link-crawling robots can (and do) violate user privacy by sniffing out URLs included in private messages and emails. Not all sites are guilty of this behavior, but the few that are happen to be pretty popular portals.

High-Tech Bridge, an information security solutions provider, conducted a simple experiment to verify how the 50 largest social networks, web services, and free email systems respect (or abuse) the privacy of their users. The company deployed a dedicated web server and created secret URLs on it for each tested service. During the 10 days of the experiment, High-Tech Bridge used the tested services to transmit the secret URLs while carefully monitoring its web server logs for all incoming HTTP requests.

"We trapped only six services out of the 50. However, among those six were four of the biggest and most used social networks: Facebook, Twitter, Google+ and Formspring," High-Tech Bridge said. "The remaining two were URL shortening services: bit.ly and goo.gl."


URL shortening services could get a free pass on the premise that such behavior is part of their legitimate functions, but the same argument can't be made for social networks like Facebook and Twitter.

"Taking into consideration that some of the services may have legitimate robots (e.g. to verify and block spam links) crawling every user-transmitted link automatically, we also created a robots.txt file on our web server that restricted bots accessing the server and its content. Only Twitter respected this restriction, all other social networks simply ignored it, accessing the secret URL," High-Tech Bridge noted.
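The log-monitoring side of an experiment like this one can be sketched as follows. This is an added example, not High-Tech Bridge's code: the secret paths, service names, IP addresses and user agents are constructed, and it assumes the web server writes the common "combined" access-log format and serves a robots.txt that disallows everything.

```python
import re
from collections import defaultdict

# Constructed mapping: one unguessable path per tested service (hypothetical tokens).
CANARIES = {
    "/s/9f2c71d0a4e8": "service-a",
    "/s/41b7e6c3d905": "service-b",
    "/s/c08a5f12b7e3": "service-c",
}

# Apache/nginx "combined" log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def analyse(log_lines, canaries=CANARIES):
    """Return {service: [hit, ...]}; each hit notes whether that client read robots.txt first."""
    read_robots = set()            # client IPs that have requested /robots.txt so far
    hits = defaultdict(list)
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue               # skip malformed lines
        path = m["target"].split("?", 1)[0]
        if path == "/robots.txt":
            read_robots.add(m["ip"])
        elif path in canaries:
            hits[canaries[path]].append({
                "ip": m["ip"], "ts": m["ts"], "ua": m["ua"],
                "read_robots_first": m["ip"] in read_robots,
            })
    return dict(hits)

# Constructed sample log (documentation IP ranges, invented user agents).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "ExampleBot/1.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /s/9f2c71d0a4e8 HTTP/1.1" 200 512 "-" "ExampleBot/1.0"',
    '203.0.113.20 - - [01/Jan/2024:11:30:00 +0000] "GET /s/41b7e6c3d905?x=1 HTTP/1.1" 200 512 "-" "OtherFetcher/2.3"',
    '203.0.113.99 - - [01/Jan/2024:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for service, found in analyse(SAMPLE_LOG).items():
        for h in found:
            print(service, h["ip"], h["ua"], "robots.txt read first:", h["read_robots_first"])
```

A client that read the disallow-all robots.txt and still requested a secret path ignored the restriction; a service with no hits at all never followed the link it was sent.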

Unfortunately, there just doesn't appear to be a way to send URLs privately through social networks,